Cyber security vendor Qualys has found a logic bug in the Linux kernel which, if exploited, can be abused to escalate standard user privileges to those of the root superuser with full administrative system rights.
Qualys said the flaw was introduced into the Linux kernel in November 2016, and has been present ever since.
It abuses a kernel function, __ptrace_may_access() that controls if one process can inspect another one, and is a logic bug, that is exploitable with a race condition for local privilege escalation, as well as information disclosure.
In its advisory for the vulnerability, indexed as CVE-2026-46333, Qualys included four proofs-of-concept (PoCs).
The security vendor showed how PoCs could be used by unprivileged local attackers to read password hashes, steal secure shell (SSH) keys, and to run arbitrary commands as root.
Qualys confirmed that the exploits work on default installations of Linux distributions Debian 13, Ubuntu 24.04 and 26.04, and Fedora 43 and 44.
Following a report from Qualys, a patch was issued for the Linux kernel.
While the vulnerability requires local system access, Qualys Threat Research Unit senior manager Saeed Abbasi said its impact is severe.
"Local does not mean low priority," Abbasi said.
"Any unprivileged shell on a vulnerable host is enough to read /etc/shadow, exfiltrate SSH host private keys, or execute arbitrary commands as root through hijacked dbus connections to systemd," he added.
Abbasi said the vulnerable code, which has shipped in mainline Linux kernels since November 2016, created historical exposure that spans nearly a decade of enterprise fleets, cloud images and container hosts.
Several local privilege escalation vulnerabilities have been discovered in the Linux kernel over the past couple of months, such as Copy Fail, and Dirty Frag.
iTnews Executive Retreat - Data & AI Edition
.png&w=120&c=1&s=0)
iTnews Cloud Covered Breakfast Summit
iTnews State of Security Breakfast
The 2026 iAwards
.jpg&w=120&c=1&s=0)
Integrate 2026
_(1).jpg&h=140&w=231&c=1&s=0)
